On 03/29/13 at 08:47pm, Björn Persson wrote: > > 2. An alternate approach is to come up with an expanded list of packages > > which should be hardened. > > Since FESCo maintains a list, I suppose anyone can propose specific > programs to be added to the list, but it seems pointless to explicitly > list programs that are already covered by the first three criteria. > I agree that it seems pointless (and tedious) to explicitly list programs which are already covered. However many packages (like PostgreSQL, Dovecot and MongoDB) meet the criteria but still are not getting hardened. I am not sure about the underlying reasons (oversight / performance concerns / etc.). What would be a good way to solve this problem in your opinion? (File bugs / Explicitly list such packages / Turn on hardening by default) It would be great to have some sort of automated method to find if hardening criteria applies to a particular package. Ideas are welcome! -- Dhiru -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
